In certain applications including, but not limited to, electronic commerce (e-commerce), portable communications devices (e.g., cell phones), solid-state media storage devices, etc., security codes are required in order to protect stored data and/or device usage. Security codes, or the codes or numbers from which such security codes are derived, are typically stored in nonvolatile memory embedded within integrated circuit (IC) chips, such as, for example, flash memory and one-time-programmable (OTP) memory. Nonvolatile memory is used to ensure that the security codes are retained in the host chip when the chip is powered down. To provide a secure environment, it is imperative that security codes are not detectable by known methods of observation or reverse engineering. Unfortunately, most conventional methods of storing security codes within embedded nonvolatile memory can be detected through visual inspection, scanning electron microscope (SEM) imaging, and/or charge measurement techniques.
For example, embedded flash memory is nonvolatile memory that can be programmed with unique security codes. However, the programmed data state of flash memory cells can be determined by known charge measurement methods. OTP memory, which includes oxide breakdown anti-fuse memory and metal or polysilicon (poly) fuse memory, can be programmed with unique security codes and is nonvolatile. However, the programmed data state of the memory cells can be determined by examination of gate oxide breakdown regions in the anti-fuse memory, using SEM or alternative imaging techniques. Likewise, the programmed data states of the respective cells in a metal or polysilicon fuse memory can be determined by layer removal and visual inspection. Consequently, conventional methods for programming security codes into nonvolatile memory lack sufficient guarantees of security and are therefore undesirable.
As an alternative to programming security codes into nonvolatile memory, security codes can be generated outside of the host chip (e.g., based at least in part on codes or random number generators), communicated to the chip, and then stored in nonvolatile memory embedded within the chip. This approach, however, is undesirable in that it is susceptible to theft, primarily because the security codes are known outside of the host chip environment and can therefore be intercepted and/or manipulated.
Accordingly, there exists a need for techniques for ensuring the security of stored data and/or device usage that do not suffer from one or more of the limitations exhibited by conventional approaches.